3671 matches found
CVE-2006-0256
CVE-2006-0256 affects Oracle Database Server in multiple versions (e.g., 8.1.7.x, 9.2.x, 10g) with an unspecified impact in the CVE record. Connected sources describe a login-time SQL injection vulnerability in the Oracle DBMS login/authentication flow (AUTH_ALTER_SESSION) that could enable remot...
CVE-2006-0286
Unspecified vulnerability in the Oracle HTTP Server component of Oracle Database Server 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.7, and 10.1.0.5, and Application Server 1.0.2.2, 9.0.4.2, and 10.1.2.0.2, has unspecified impact and attack vectors, as identified by Oracle Vuln OHS01...
CVE-2006-0267
CVE-2006-0267 affects Oracle Database Server 9.2.0.6 and 10.1.0.4, specifically the Query Optimizer component. The vulnerability’s impact is described as unspecified by Oracle Vuln# DB20, with the NVD entry noting a high base score (CVSS v2: 9.0) and a network attack vector with required low comp...
CVE-2006-0257
Unspecified vulnerability in the Change Data Capture component of Oracle Database server 9.2.0.7, 10.1.0.5, and 10.2.0.1 has unspecified impact and attack vectors, as identified by Oracle Vuln DB02. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliab...
CVE-2006-0257
CVE-2006-0257 concerns Oracle Database Server’s Change Data Capture (CDC) component. The entry notes an unspecified vulnerability with unspecified impact/attack vectors, later attributed by independent researchers to a possible SQL injection in the CDC_ALLOCATE_LOCK function of the DBMS_CDC_UTILI...
[Full-disclosure] Oracle Database 10g Rel. 1 - SQL Injection in SYS.KUPV$FT
Oracle forgot to inform me that these vulnerabilities are also fixed. http://www.red-database-security.com/advisory/oraclesqlinjectionkupv$ft.html SQL Injection in package SYS.KUPV$FT Name SQL Injection in package SYS.KUPV$FT Affected Oracle 10g Release 1 Severity High Risk Category SQL Injectio...
[Full-disclosure] Oracle Database 10g Rel. 2- Transparent Data Encryption plaintext masterkey in SGA
Hello FD reader, Oracle released the first critical patch update for 2006 with bugfixes for 82 vulnerabilities. http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html Additional information concerning the Oracle January 2006 CPU is available here...
[Full-disclosure] Oracle Database 10g Rel. 2 - Event 10053 logs TDE wallet password in cleartext
Hello FD-Reader, Event 10053 logs the TDE masterkey in cleartext into the trace file. Oracle fixed this problem with CPU January 2006. http://www.red-database-security.com/advisory/oracletdewalletpassword.html Name Event 10053 logs TDE wallet password in cleartext Systems Oracle Database 10g...
Oracle Applications One-Hour Install Detect
We detected the remote web server as an Oracle Applications SPDX-FileCopyrightText: 2001 Noam Rathaus SPDX-FileCopyrightText: 2001 SecuriTeam Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier:...
Oracle Web Administration Server Detection
We detected the remote web server as an Oracle Administration web server. This web server enables attackers to configure your Oracle Database server if they gain access to a valid authentication username and password. SPDX-FileCopyrightText: 2001 SecuriTeam Some text descriptions might be excerpt...
CVE-2005-3438
Multiple unspecified vulnerabilities in Oracle Database Server 9i up to 10.1.0.4.2 have unknown impact and attack vectors, aka Oracle Vuln (1) DB04 in Change Data Capture; (2) DB06 in Data Guard Logical Standby; (3) DB10 in Locale; (4) DB12 in Materialized Views; (5) DB13 in Objects Extension; (6) DB15 in...
CVE-2005-3439
Multiple unspecified vulnerabilities in Oracle Database Server 10g up to 10.1.0.4.2 have unknown impact and attack vectors, aka Oracle Vuln (1) DB02, (2) DB03, and (3) DB05 in Change Data Capture; (4) DB07 in Data Pump Export; and (5) DB18, (6) DB19, (7) DB20, (8) DB21, (9) DB22, (10) DB23, (11) DB24, and (12) DB25 in t...
CVE-2005-3445
Technical details are not publicly available in the provided documents. Monitor for updates.
CVE-2005-3440
Technical details about CVE-2005-3440 are not provided in the supplied documents. No affected product/version or concrete impact is documented here; monitor for updates.
CVE-2005-3440
Unspecified vulnerability in Database Scheduler in Oracle Database Server 10g up to 10.1.0.3 has unknown impact and attack vectors, aka Oracle Vuln DB08...
CVE-2005-3443
Unspecified vulnerability in the Spatial component in Oracle Database Server from 9i up to 10.1.0.3 has unknown impact and attack vectors, aka Oracle Vuln DB17...
Oracle Database Server buffer overflow in Security Component
Overview: The Oracle Database Server Security Component contains a buffer overflow. Exploitation may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. Description: A lack of input validation in the Oracle Database Server Security Component may allow a buffer...
[Full-disclosure] Oracle Workflow CSS Vulnerability wf_monitor
Dear FD-Reader, The Oracle Critical Patch Update October 2005 provides fixes for 2 Cross-Site-Scripting vulnerabilities in Oracle Workflow found by Red-Database-Security GmbH. I know that the severity and impact of CSS bugs is low. My critical security bugs in Oracle e.g. become DBA via the impo...
[Full-disclosure] Oracle Workflow CSS Vulnerability wf_route
Dear FD-Reader, The Oracle Critical Patch Update October 2005 provides fixes for 2 Cross-Site-Scripting vulnerabilities in Oracle Workflow found by Red-Database-Security GmbH. I know that the severity and impact of CSS bugs is low. My critical security bugs in Oracle e.g. become DBA via the impo...